Short version: we read your submission, reply to you, and keep it on a secure database. When your case is ready to move, the on-the-ground filing in Italy is handled by a qualified specialist there, and we share your details with them only after you give us the go-ahead. We never sell your information to advertisers or data brokers. The longer version is below — written in plain English because you should be able to tell what happens to your family details without a lawyer.
Information current as of June 2026.
When you submit the eligibility form we ask for, and keep, exactly these fields:
Alongside the submission, we also store technical context to detect spam and understand which channels bring real people:
We do not ask for, and do not store, payment information or government documents at this stage.
Submissions are stored in a Postgres database hosted by Supabase in the European Union (Frankfurt region). Connections are encrypted in transit (TLS) and the database is encrypted at rest by the provider. Direct read or write access from the public internet is blocked at the row level; only our server can insert new rows, using a private service-role key that is never exposed to your browser.
We never sell your data to advertisers or data brokers, and we do not use it for ad retargeting.
We use a small number of third-party services to operate Patria Citizenship, and the on-the-ground filing in Italy is handled by a qualified specialist there once your case is qualified. Each only sees the data it needs:
None of them may use your data for their own marketing. The specialist receives your details for one purpose: handling your citizenship case.
We use Google Analytics 4 and Google Ads tagging to understand which marketing channels bring real visitors. These services set first-party cookies (typical names like _ga, _gid, _gcl_au) and collect:
You can opt out via your browser's privacy controls, a tracking blocker, or the official Google Analytics opt-out add-on.
Submissions are kept until you ask us to delete them, or for up to 24 months after our last reply — whichever comes first. After that, the row is removed from the production database. Backups age out within 30 days.
If you are in the EU, EEA, or UK, the GDPR gives you the right to:
Residents of California (CCPA/CPRA) and similar US-state regimes have parallel rights: to know, delete, correct, and opt out of any "sale" or "sharing." We never sell your data to advertisers or data brokers, and we do not share it for cross-context advertising. Your details reach the specialist handling your case only when you tell us to send them, and you can withdraw that instruction at any time.
To exercise any of these rights, email us (see below) or simply reply to any Patria Citizenship message you have received. We respond within 30 days and will not ask for anything beyond what is needed to verify your request.
For privacy questions, deletion requests, or anything else about your data:
hello@patriacitizenship.com
Patria Citizenship is a U.S.-based service in pilot phase. This policy will be updated as the service grows; the "as of" date at the top reflects the current version.